On 15.09.2015 22:55, Alon Bar-Lev wrote:
----- Original Message -----
> From: "Daniel Helgenberger" <daniel.helgenberger(a)m-box.de>
> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
> Cc: Users(a)ovirt.org
> Sent: Tuesday, September 15, 2015 11:09:45 PM
> Subject: Re: [ovirt-users] Extension aaa: No search for principal
>
> I think I did find the issue here;
>
> my domain is named
int.corp.com
>
> I have defined several UPN aliases and our real world users do use the UPN
> @corp.com.
>
> Using some internal user with UPN
int.corp.com the authentication works as
> expected; while my real world users fail.
>
> I tried to create a new profile for that; but it fails to load off course
> because the domain
corp.com cannot be connected.
>
the user is upn, users should specify their full upn if this non default domain suffix.
Hello Alon,
you do not need a new profile.
in your case it would probably be user1(a)corp.com for user1.
right ... should have tried that in the first place. Works very well now.
Thanks for helping me sort that through!
--
Daniel Helgenberger
m box bewegtbild GmbH
P: +49/30/2408781-22
F: +49/30/2408781-10
ACKERSTR. 19
D-10115 BERLIN
www.m-box.de www.monkeymen.tv
Geschäftsführer: Martin Retschitzegger / Michaela Göllner
Handeslregister: Amtsgericht Charlottenburg / HRB 112767